OnePlus 6 security flaw lets anyone bypass its locked bootloader, but a fix is on the way

A security researcher discovered a vulnerability on the OnePlus 6 lets you bypass the phone’s locked bootloader with any modified boot image.

You need physical access to the phone to take advantage of the vulnerability.

OnePlus confirmed the vulnerability and said it will push out a software update to fix the issue.

The OnePlus 6 might be the perfect Pixel alternative, but it also features a serious security flaw that thankfully will be fixed in a software update, reported XDA Developers.

According to Edge Security LLC president and XDA Developers forum member Jason Donenfeld, the OnePlus 6 features a vulnerability that let him bypass the locked bootloader with any modified boot image. Even weirder, Donenfeld did not have to turn on USB debugging. That is usually a requirement when it comes to messing around with your smartphone.

Android Police verified the vulnerability and was able to boot TWRP on its bootloader-locked OnePlus 6. It also noted that folks can modify a stock OnePlus 6 boot image to include root access and an insecure ADB, which would allow an attacker to gain full control of the device if they wanted to.

The good news is that someone would need physical access to your OnePlus 6 to take advantage of the exploit. They would then plug the phone into a computer, restart the phone into fastboot mode, and transfer any arbitrary or modified boot image.

More good news: OnePlus knows about the vulnerability and said it is in contact with Donenfeld. OnePlus also confirmed that a software update will roll out “shortly.”